commit: e637ccb494e7d6fa6f2e96a4eb6fba8a0c82e650 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
AuthorDate: Thu Aug 25 17:36:30 2022 +0000 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
CommitDate: Thu Aug 25 17:37:33 2022 +0000 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e637ccb4 |
|
Add CONFIG_LANDLOCK to KSPP and RANDSTRUCT fix |
|
Bug: https://bugs.gentoo.org/865685 |
|
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
|
4567_distro-Gentoo-Kconfig.patch | 21 +++++++++++---------- |
1 file changed, 11 insertions(+), 10 deletions(-) |
|
diff --git a/4567_distro-Gentoo-Kconfig.patch b/4567_distro-Gentoo-Kconfig.patch |
18 |
index 0a380985..9e0701dd 100644 |
19 |
--- a/4567_distro-Gentoo-Kconfig.patch |
20 |
+++ b/4567_distro-Gentoo-Kconfig.patch |
21 |
@@ -1,14 +1,14 @@ |
22 |
---- a/Kconfig 2022-05-11 13:20:07.110347567 -0400 |
23 |
-+++ b/Kconfig 2022-05-11 13:21:12.127174393 -0400 |
24 |
+--- a/Kconfig 2022-08-25 10:11:47.220973785 -0400 |
25 |
++++ b/Kconfig 2022-08-25 10:11:56.997682513 -0400 |
26 |
@@ -30,3 +30,5 @@ source "lib/Kconfig" |
27 |
source "lib/Kconfig.debug" |
28 |
|
29 |
source "Documentation/Kconfig" |
30 |
+ |
31 |
+source "distro/Kconfig" |
32 |
---- /dev/null 2022-05-10 13:47:17.750578524 -0400 |
33 |
-+++ b/distro/Kconfig 2022-05-11 13:21:20.540529032 -0400 |
34 |
-@@ -0,0 +1,290 @@ |
35 |
+--- /dev/null 2022-08-25 07:13:06.694086407 -0400 |
36 |
++++ b/distro/Kconfig 2022-08-25 13:21:55.150660724 -0400 |
37 |
+@@ -0,0 +1,291 @@ |
38 |
+menu "Gentoo Linux" |
39 |
+ |
40 |
+config GENTOO_LINUX |
41 |
@@ -185,7 +185,7 @@ |
42 |
+config GENTOO_KERNEL_SELF_PROTECTION_COMMON |
43 |
+ bool "Enable Kernel Self Protection Project Recommendations" |
44 |
+ |
45 |
-+ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT |
46 |
++ depends on GENTOO_LINUX && !ACPI_CUSTOM_METHOD && !COMPAT_BRK && !PROC_KCORE && !COMPAT_VDSO && !KEXEC && !HIBERNATION && !LEGACY_PTYS && !X86_X32 && !MODIFY_LDT_SYSCALL && GCC_PLUGINS && !IOMMU_DEFAULT_DMA_LAZY && !IOMMU_DEFAULT_PASSTHROUGH && IOMMU_DEFAULT_DMA_STRICT && SECURITY && !ARCH_EPHEMERAL_INODES && RANDSTRUCT_PERFORMANCE |
47 |
+ |
48 |
+ select BUG |
49 |
+ select STRICT_KERNEL_RWX |
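Review bot: Requiring `RANDSTRUCT_PERFORMANCE` in the extended `depends on` line hides the KSPP option from anyone who chose the stronger `RANDSTRUCT_FULL`, so the hardening preset is only reachable with the weaker layout randomisation. If the goal is only to rule out an unrandomised build, `!RANDSTRUCT_NONE` would express that without excluding the full mode. The `select GCC_PLUGIN_RANDSTRUCT` and `select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE` lines in the later hunk at -224 are kept; on a tree that has the `RANDSTRUCT_*` choice those older symbols are presumably no longer user-selectable, so the selects may have no effect, which should be confirmed against the target kernel. A comment above the line such as `# SECURITY and !ARCH_EPHEMERAL_INODES are required by SECURITY_LANDLOCK` would explain the other two new terms. The config entry starts before and continues past this hunk.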
50 |
@@ -202,6 +202,7 @@ |
51 |
+ select HARDENED_USERCOPY if HAVE_HARDENED_USERCOPY_ALLOCATOR=y |
52 |
+ select KFENCE if HAVE_ARCH_KFENCE && (!SLAB || SLUB) |
53 |
+ select RANDOMIZE_KSTACK_OFFSET_DEFAULT if HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET && (INIT_STACK_NONE || !CC_IS_CLANG || CLANG_VERSION>=140000) |
54 |
++ select SECURITY_LANDLOCK |
55 |
+ select SCHED_CORE if SCHED_SMT |
56 |
+ select BUG_ON_DATA_CORRUPTION |
57 |
+ select SCHED_STACK_END_CHECK |
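Review bot: The added `select SECURITY_LANDLOCK` only builds Landlock into the kernel. The LSM is not initialised at boot unless `landlock` is also listed in `CONFIG_LSM` or given on the `lsm=` command line, and that string option cannot be set through `select`. The help text of GENTOO_KERNEL_SELF_PROTECTION_COMMON should say so, for example `Landlock is built in but must also be listed in CONFIG_LSM (or lsm=) to be active.`, so users do not assume sandboxing is available when it is not. The config entry begins and ends outside this hunk, so whether its help text already covers this cannot be seen here.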
58 |
@@ -224,7 +225,7 @@ |
59 |
+ select GCC_PLUGIN_LATENT_ENTROPY |
60 |
+ select GCC_PLUGIN_STRUCTLEAK |
61 |
+ select GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
62 |
-+ select GCC_PLUGIN_RANDSTRUCT |
63 |
++ select GCC_PLUGIN_RANDSTRUCT |
64 |
+ select GCC_PLUGIN_RANDSTRUCT_PERFORMANCE |
65 |
+ select ZERO_CALL_USED_REGS if CC_HAS_ZERO_CALL_USED_REGS |
66 |
+ |
67 |
@@ -239,12 +240,12 @@ |
68 |
+ depends on !X86_MSR && X86_64 && GENTOO_KERNEL_SELF_PROTECTION |
69 |
+ default n |
70 |
+ |
71 |
++ select GCC_PLUGIN_STACKLEAK |
72 |
++ select LEGACY_VSYSCALL_NONE |
73 |
++ select PAGE_TABLE_ISOLATION |
74 |
+ select RANDOMIZE_BASE |
75 |
+ select RANDOMIZE_MEMORY |
76 |
+ select RELOCATABLE |
77 |
-+ select LEGACY_VSYSCALL_NONE |
78 |
-+ select PAGE_TABLE_ISOLATION |
79 |
-+ select GCC_PLUGIN_STACKLEAK |
80 |
+ select VMAP_STACK |
81 |
+ |
82 |
+ |